/*
 * Copyright (c) 2012-2020 MIRACL UK Ltd.
 *
 * This file is part of MIRACL Core
 * (see https://github.com/miracl/core).
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/*
 * Implementation of the Secure Hashing Algorithm (SHA-256)
 *
 * Generates a 256 bit message digest. It should be impossible to come
 * come up with two messages that hash to the same value ("collision free").
 *
 * For use with byte-oriented messages only.
 */

package ext

//import "fmt"
const SHA256 int = 32

const hash256_H0 uint32 = 0x6A09E667
const hash256_H1 uint32 = 0xBB67AE85
const hash256_H2 uint32 = 0x3C6EF372
const hash256_H3 uint32 = 0xA54FF53A
const hash256_H4 uint32 = 0x510E527F
const hash256_H5 uint32 = 0x9B05688C
const hash256_H6 uint32 = 0x1F83D9AB
const hash256_H7 uint32 = 0x5BE0CD19

var hash256_K = [...]uint32{
	0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
	0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
	0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
	0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
	0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
	0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
	0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
	0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2}

type HASH256 struct {
	length [2]uint32
	h      [8]uint32
	w      [64]uint32
}

/* functions */
func hash256_S(n uint32, x uint32) uint32 {
	return (((x) >> n) | ((x) << (32 - n)))
}

func hash256_R(n uint32, x uint32) uint32 {
	return ((x) >> n)
}

func hash256_Ch(x, y, z uint32) uint32 {
	return ((x & y) ^ (^(x) & z))
}

func hash256_Maj(x, y, z uint32) uint32 {
	return ((x & y) ^ (x & z) ^ (y & z))
}

func hash256_Sig0(x uint32) uint32 {
	return (hash256_S(2, x) ^ hash256_S(13, x) ^ hash256_S(22, x))
}

func hash256_Sig1(x uint32) uint32 {
	return (hash256_S(6, x) ^ hash256_S(11, x) ^ hash256_S(25, x))
}

func hash256_theta0(x uint32) uint32 {
	return (hash256_S(7, x) ^ hash256_S(18, x) ^ hash256_R(3, x))
}

func hash256_theta1(x uint32) uint32 {
	return (hash256_S(17, x) ^ hash256_S(19, x) ^ hash256_R(10, x))
}

func (H *HASH256) transform() { /* basic transformation step */
	for j := 16; j < 64; j++ {
		H.w[j] = hash256_theta1(H.w[j-2]) + H.w[j-7] + hash256_theta0(H.w[j-15]) + H.w[j-16]
	}
	a := H.h[0]
	b := H.h[1]
	c := H.h[2]
	d := H.h[3]
	e := H.h[4]
	f := H.h[5]
	g := H.h[6]
	hh := H.h[7]
	for j := 0; j < 64; j++ { /* 64 times - mush it up */
		t1 := hh + hash256_Sig1(e) + hash256_Ch(e, f, g) + hash256_K[j] + H.w[j]
		t2 := hash256_Sig0(a) + hash256_Maj(a, b, c)
		hh = g
		g = f
		f = e
		e = d + t1
		d = c
		c = b
		b = a
		a = t1 + t2
	}
	H.h[0] += a
	H.h[1] += b
	H.h[2] += c
	H.h[3] += d
	H.h[4] += e
	H.h[5] += f
	H.h[6] += g
	H.h[7] += hh
}

/* Initialise Hash function */
func (H *HASH256) Init() { /* initialise */
	for i := 0; i < 64; i++ {
		H.w[i] = 0
	}
	H.length[0] = 0
	H.length[1] = 0
	H.h[0] = hash256_H0
	H.h[1] = hash256_H1
	H.h[2] = hash256_H2
	H.h[3] = hash256_H3
	H.h[4] = hash256_H4
	H.h[5] = hash256_H5
	H.h[6] = hash256_H6
	H.h[7] = hash256_H7
}

func NewHASH256() *HASH256 {
	H := new(HASH256)
	H.Init()
	return H
}

func NewHASH256copy(HC *HASH256) *HASH256 {
	H := new(HASH256)
	for i := 0; i < 64; i++ {
		H.w[i] = HC.w[i]
	}
	for i := 0; i < 8; i++ {
		H.h[i] = HC.h[i]
	}
	H.length[0] = HC.length[0]
	H.length[1] = HC.length[1]
	return H
}

/* process a single byte */
func (H *HASH256) Process(byt byte) { /* process the next message byte */
	cnt := (H.length[0] / 32) % 16

	H.w[cnt] <<= 8
	H.w[cnt] |= uint32(byt & 0xFF)
	H.length[0] += 8
	if H.length[0] == 0 {
		H.length[1]++
		H.length[0] = 0
	}
	if (H.length[0] % 512) == 0 {
		H.transform()
	}
}

/* process an array of bytes */
func (H *HASH256) Process_array(b []byte) {
	for i := 0; i < len(b); i++ {
		H.Process((b[i]))
	}
}

/* process a 32-bit integer */
func (H *HASH256) Process_num(n int32) {
	H.Process(byte((n >> 24) & 0xff))
	H.Process(byte((n >> 16) & 0xff))
	H.Process(byte((n >> 8) & 0xff))
	H.Process(byte(n & 0xff))
}

/* Generate 32-byte Hash */
func (H *HASH256) Hash() []byte { /* pad message and finish - supply digest */
	var digest [32]byte
	len0 := H.length[0]
	len1 := H.length[1]
	H.Process(0x80)
	for (H.length[0] % 512) != 448 {
		H.Process(0)
	}
	H.w[14] = len1
	H.w[15] = len0
	H.transform()
	for i := 0; i < 32; i++ { /* convert to bytes */
		digest[i] = byte((H.h[i/4] >> uint(8*(3-i%4))) & 0xff)
	}
	H.Init()
	return digest[0:32]
}

func (H *HASH256) Continuing_Hash() []byte {
	sh := NewHASH256copy(H)
	return sh.Hash()
}

/* test program: should produce digest */

//248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1
/*
 func main() {

	 test := []byte("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")
	 sh:=NewHASH256()

	 for i:=0;i<len(test);i++ {
		 sh.Process(test[i])
	 }

	 digest:=sh.Hash()
	 for i:=0;i<32;i++ {fmt.Printf("%02x",digest[i])}

 } */
